Dear Pros,
An error always pops out when windows loads stating that "path csrcs.exe not found'
Can you please teach me how to get rid of that error?
Thank you so much!
~gal3nsha~
Dear Pros,
An error always pops out when windows loads stating that "path csrcs.exe not found'
Can you please teach me how to get rid of that error?
Thank you so much!
~gal3nsha~
Hello.
First of all, fix with hijackthis the lines:Then run AVZ tool, upper menu "File" - "Custom scripts" - execute the scriptКод:F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,\\.\globalroot\systemroot\system32\userinit.exe, O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exeAfter restart, upload quarantine via the link http://virusinfo.info/upload_virus_eng.php?tid=65095 , as it's described in app.3 of the rules and make new logs.Код:begin SearchRootkit(true, true); SetAVZGuardStatus(True); TerminateProcessByName('c:\windows\system32\csrcs.exe'); QuarantineFile('C:\WINDOWS\system32\e8main0.dll',''); QuarantineFile('C:\WINDOWS\system32\drivers\cdaudio.sys',''); QuarantineFile('C:\RECYCLER\S-1-5-21-9216634916-8139834972-024263371-4829\wnzip32.exe',''); QuarantineFile('c:\windows\system32\csrcs.exe',''); DeleteFile('c:\windows\system32\csrcs.exe'); BC_DeleteFile('c:\windows\system32\csrcs.exe'); DeleteFile('C:\RECYCLER\S-1-5-21-9216634916-8139834972-024263371-4829\wnzip32.exe'); BC_DeleteFile('C:\RECYCLER\S-1-5-21-9216634916-8139834972-024263371-4829\wnzip32.exe'); DeleteFile('C:\WINDOWS\system32\e8main0.dll'); BC_DeleteFile('C:\WINDOWS\system32\e8main0.dll'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{BB4C402F-882A-4526-8C08-51278EA437C1}'); BC_ImportquarantineList; BC_Activate; ExecuteSysClean; executerepair(6); executerepair(8); executerepair(9); executerepair(16); RebootWindows(true); end.
That totally fixed my problem!
Thank you so much!
Make new logs.
Сердце решает кого любить... Судьба решает с кем быть...
Aleksandra and Numb,
Sorry about the late posting of the logs.
I never noticed that there was a rule no.3 until you requested me to upload the logs. My first time here. Anyway, I have already done so through the link you gave me. They are in two separate zip files as i was doing the hijack etc. thing over 11pm on the 25th to 12am on the 26th of december.
Thank you so much for the assistance.
You have been a great help!
gal3nsha
Hello.
We have got your quarantine, but we haven't got your logs yet. Please, will you make all the 3 logs again as you've already made them in your post N1 and attach them to your new post here in this thread.
Okay, got the new logs done.
1. Please, disable System Restore and antivirus (if you have).
2. Execute this script in AVZ:
3. Make new logs: virusinfo_syscheck and hijackthis.Код:begin SetAVZGuardStatus(True); RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221); DelBHO('{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'); DelBHO('{0BF43445-2F28-4351-9252-17FE6E806AA0}'); DeleteService('AVPsys'); DeleteFile('C:\WINDOWS\system32\drivers\cdaudio.sys'); BC_ImportDeletedList; ExecuteSysClean; ExecuteWizard('TSW', 3, 3, true); BC_Activate; RebootWindows(true); end.
Сердце решает кого любить... Судьба решает с кем быть...
New Logs:
I can see nothing harmful in your logs. Any problem more?
Сердце решает кого любить... Судьба решает с кем быть...
Всё хорошо сейчас, без проблема. Спасибо большой! С новым годом!